A process to bring county computer systems online after a malware infection is underway, officials said in an emergency meeting the morning of Monday, Feb. 3.
Damian Laviolette, Tillamook County Information Technology director, said that after a lot of work the computer system is ready to be switched back on. He said some systems would be fully functional, while others would not be restored without further effort.
Starting with the Tillamook County Sheriff’s Office, Laviolette’s team planned to visit a number of county agencies Monday morning, overseeing the return of computer system operations and personally approving each staff member’s computer use. County employees will also go through a password change before accessing the system.
The county courthouse was next on the list, followed by the health department, public works, community development and other county offices. Laviolette said desk phones were operational and should be reliable. The library and courthouse websites are up, and an informational message is expected to be posted soon.
Elements of some county computer systems were totally removed from workstations. Laviolette said more time is needed to determine whether those machines will be re-imaged (wiped and returned to factory settings), which might allow for a limited data rescue, although that would be risky and time-consuming. He said critical systems such as file storage seem to be working.
“We’re still not fully out of this yet,” Laviolette said. “The forensic investigation, or the back-end side of the work, is still taking place.”
After meeting in a closed-door session Jan. 22, county officials confirmed a cyberattack took place. The county’s server, internal computer systems and website were down, and phone systems and email networks were affected. County computer network connections were disabled to contain the spread of malware.
County Commissioner Mary Faith Bell said at the time the malware was apparently ransomware in nature, though no demands had been received. The incident was first suspected to be a storage system technical issue, but it was quickly recognized as a cybersecurity attack. Bell emphasized that there was no indication yet that any data was compromised in the attack.
Officials have not yet commented regarding possible cyberattack suspects. Asked by a county staff member if a ransom was paid to regain access, Tillamook County Commissioner David Yamamoto referred the question to Emergency Manager Gordon McCraw, who declined to comment beyond saying “we’re becoming operational, more to follow.”
McCraw said this past Friday he was not briefed regarding actions by cybersecurity firm Arete, which was hired by the county after the malware was discovered. He said progress was being made, but it was not clear if the recent success was due to negotiations or the work being done to unlock the system.
Laviolette said at the close of Monday morning’s emergency meeting that he was impressed by the reactions from county staff, who he said have maintained a professional, pleasant demeanor through a difficult experience.
“One team – one fight, that’s what we say in the military,” Laviolette said. “That’s pretty much what I saw here.”
Tillamook County commissioners voted Monday, Jan. 27, to negotiate for an encryption key to regain control of the government’s computer system…
County officials contracted a forensic computer firm, Arete Incident Response, to help after…